Anchore's policy controls for vulnerabilities are extensive, so enabling the adapter to combine the results of the policy evaluation and raw vulnerability report would enable fine-grained control over what vulnerabilities are reported to Harbor to help make the results in Harbor more useful.
Initial impl is to call the policy evaluation and vuln report and filter the vuln report results by the ids returned in the policy evaluation from the vulnerabilities.package trigger output. Can make the adapter configurable to only show 'stop', 'warn', or all reported finding actions for vulns in the policy findings (e.g. show only entries that have a 'stop' action so as to support Anchore's whitelist features).
Care must be taken to not conflict with Harbor's own management features like CVE whitelists.
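A sketch of the filtering step proposed above, added here as an illustration and not taken from the adapter's code. The `Finding` and `Vuln` types, their fields, and matching on the (vulnerability id, package) pair are assumptions; the sample data is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a hypothetical, simplified row from the policy evaluation.
type Finding struct {
	Gate, Trigger   string // e.g. "vulnerabilities", "package"
	VulnID, Package string
	Action          string // "stop", "warn" or "go"
}

// Vuln is a hypothetical, simplified row from the raw vulnerability report.
type Vuln struct{ ID, Package, Severity string }

// FilterByPolicy keeps only report entries that have a vulnerabilities.package
// finding whose action is listed in show. An empty show accepts every action.
func FilterByPolicy(report []Vuln, findings []Finding, show ...string) []Vuln {
	want := map[string]bool{}
	for _, a := range show {
		want[strings.ToLower(a)] = true
	}
	matched := map[string]bool{}
	for _, f := range findings {
		if f.Gate != "vulnerabilities" || f.Trigger != "package" ||
			(len(want) > 0 && !want[strings.ToLower(f.Action)]) {
			continue // other gates, or an action the operator chose to hide
		}
		matched[f.VulnID+"\x00"+f.Package] = true
	}
	out := []Vuln{}
	for _, v := range report {
		// Entries with no matching finding (e.g. whitelisted in the policy) are dropped.
		if matched[v.ID+"\x00"+v.Package] {
			out = append(out, v)
		}
	}
	return out
}

func main() {
	// Constructed sample data; the ids are placeholders, not real CVEs.
	report := []Vuln{{"CVE-0000-0001", "openssl", "High"}, {"CVE-0000-0002", "zlib", "Medium"}, {"CVE-0000-0003", "bash", "Low"}}
	findings := []Finding{{"vulnerabilities", "package", "CVE-0000-0001", "openssl", "stop"}, {"vulnerabilities", "package", "CVE-0000-0002", "zlib", "warn"}}
	fmt.Println(FilterByPolicy(report, findings, "stop"))
}
```

With the `stop` setting, the `warn` finding and the entry that has no policy finding at all are both left out of what would be sent to Harbor.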